Weitz & Luxenberg to Probe Lenovo Superfish Malware Damage Claims

NEW YORK, N.Y., Feb. 24, 2015 (SEND2PRESS NEWSWIRE) — A security expert’s discovery last month that certain Lenovo laptop computers were shipped with well-concealed malware giving hackers easy access to users’ most confidential information has led Weitz & Luxenberg P.C. to announce an investigation into potential legal claims against the hardware manufacturer and against the malware vendor, Superfish, the law firm today disclosed.

Weitz & Luxenberg said it plans to talk to as many Lenovo users as possible about their legal rights to compensation from both Lenovo and Superfish.

Weitz & Luxenberg said users of certain Lenovo laptops sold in the last five months could be harmed by the malware – a commercial product called VisualDiscovery – via “man-in-the-middle” attacks.

In such an attack, a hacker lurking on the Lenovo user’s Wi-Fi network hijacks the laptop’s internet browser to steal bank credentials, passwords and any other valuable data that might be stored on the laptop, the firm explained.

Hackers could also potentially use the laptop’s own security key to certify imposter HTTPS websites – a practice known as “spoofing” – that masquerade as Bank of America, Google or any other secure destination on the Internet, Weitz & Luxenberg warned.

Superfish Creates Lenovo Super-Vulnerability:

According to a report in The New York Times published this week, Superfish’s VisualDiscovery software could enable hackers to monitor and exploit everything a Lenovo user does while online.

“The tragedy is that Lenovo users have been led to believe the data they’re storing on their laptops are safe and secure, when those data are anything but safe and secure,” said Robin L. Greenwald, who heads Weitz & Luxenberg’s Environmental, Toxic Tort & Consumer Protection Unit.

Security experts who have looked into this situation contend that only by fully wiping out the memory of a vulnerable Lenovo laptop and then installing a non-Lenovo version of Windows can a user be assured of closing the security hole created by the Superfish VisualDiscovery software.

Some computer experts said taking such a step may expose users to still more harm since fully erasing a computer’s factory-installed memory and replacing it opens the door to potentially unforeseen performance glitches.

In the worst cases, these glitches can destabilize a system to the point that the user can no longer rely on it and may need to replace the entire machine, experts caution.

Slate Magazine called Lenovo’s decision to pre-install the Superfish software a betrayal of its customers. Slate quoted one expert as saying he “cannot overstate how evil [Lenovo’s action] is.”

Weitz & Luxenberg points to other computer experts as saying that when Lenovo added the Superfish product it knew a significant security hole would be created, making the laptops easy prey for hackers.

Nine Lenovo Laptop Models Affected:

Affected are Lenovo G, U, Y, Z, S, Flex, MIIX, YOGA, and E series laptops sold between last September and this month, according to news reports.

Lenovo, the news reports continue, admits to having shipped those models with the Superfish product installed.

Slate asserts that Lenovo should have known about the problem as early as Jan. 21 when a user who discovered the vulnerability reported it to a Lenovo forum.

Greenwald said Lenovo since that time has failed to take appropriate steps to eliminate the problem.

Weitz & Luxenberg said harmed Lenovo users may be able to pursue legal action by claiming the consumer protections offered through various federal and state statutes, plus civil law.

“Consumers who have been harmed have a right to be fully compensated for their injuries,” said Greenwald. “We intend to help see that justice is done for them.”

About Weitz & Luxenberg:

Weitz & Luxenberg P.C. is among the nation’s leading and most readily recognized personal injury law firms. Weitz & Luxenberg’s numerous litigation areas include: mesothelioma, defective medicine and devices, environmental pollutants, consumer protection, accidents, personal injury, and medical malpractice. Victims of accidents are invited to rely on Weitz & Luxenberg’s more than 25 years of experience handling such cases. You can contact the firm’s Client Relations department at 800-476-6070 or at clientrelations@weitzlux.com.

Jennifer is the managing content editor for Florida Newswire™, and has been a team member of the Neotrope® News Network since Dec. 2008. She is a creative writer, former surfer girl, and currently resides in South Florida. She paints, is a foodie, and owns two pure white tabby cats who prefer their identities be kept secret (and no, they don't have their own Facebook page).